UD Cloud Service & Security

SupportAboutLogin
EN
DomainServiceSolution

Learn the lesson from OpenSea phishing attack

UD Thought Leader
Back to listing

Learn the lesson from OpenSea phishing attack

Thought Leader
BlockchainNFTSecurity
2022-03-31

As NFTs trading frenzy continues, some projects has recorded sky high prices, fraud and scam cases also increased. Over US$1.7 millions in NFTs was swindled in the recent phishing attack on NFT marketplace OpenSea. The incident involved 254 NFTs being stolen which included some of the invaluable collection of Bored Ape Yacht Club and Azuki NFTs. It raised public concern about the cyber attacks on blockchain. Is your NFT safe?

 

ad-banner1

How did the OpenSea users lose their NFTs? 

After investigation, it is believed that hackers sent phishing emails to users during the smart contract system update of OpenSea. The phishing email mimicked the real smart contract upgrade email of the platform, and invited users to log in to the website and migrate their existing NFT listings to a new smart contract by, otherwise all existing auctions will be removed after February 25. 

 

Hackers also set up another smart contract in the phishing website. Many users have mistaken that it is an official email, and entered the phishing website. Users then have signed the authorization to allow hackers to transfer NFTs from their wallet.

 

OpenSea CEO Devin Finzer tweeted that the new contract has no issue, and the attacks had not originated from OpenSea’s website. It is believed to be a phishing attack. 

 

 

This is the look-so-real phishing email of the incident. 

 

 

How to protect your NFT and other digital assets? 

With the rising value of many NFT collections, hackers have their eye on the users' wallets. In addition to NFT, hackers will also transfer other assets in the victim's wallet, such as Ethernet (ETH) and Bitcoin (BTC).
 

To avoid your assets being stolen, learn the following tips:
 

  • Use multiple independent wallet addresses to handle transactions of different NFT projects to reduce the risk of simultaneous theft.
     
  • Crypto social media Discord is getting popular. Beware of the unofficial announcement links in the group, or admin private messages.
     
  • Note whether the email sender is from the official email. For instance, the most commonly used hot wallet Metamask does not have the user's email address. Be alert when receiving email from Metamask.
     
  • Trusted platforms will not ask users to submit the "seed phrase" of your wallet.
     
  • Use a cold wallet to hold your assets. Remember to purchase your wallet from official channels.

 

 

Blockchain Security Solutions Service Enquiry

其他人也看了

SPACE ID & Web3 Domain: Your Universal Digital IdentitiesExploring the TON Blockchain and Telegram. A Perfect Match between Web2 & Web3? Runes vs. Ordinals: Differences Between the Two Major Bitcoin ProtocolsRunes Protocol 101: A New Dawn for Fungible Tokens on BitcoinWeb3 Domain: More Than Just Trading, A Gateway to New Possibilities